PubNub is a HIPAA-compliant instant messaging platform that supports message and file encryption using AES-256-CBC.
The provided encryption is flawed: it drops half of the entropy from the encryption key, so effectively half of the encryption key is constant.
The getKey function does an SHA-256 on the provided key string to make it the required 256-bit (32-byte) length for AES-256. Then it's hex encoded, doubling the length in bytes, then trimmed to 32 bytes. Due to hex encoding and trimming, half of the bits in the key are always the same for every encoded message or file.
https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js#L70
async getKey(key) {
  const bKey = Buffer.from(key);
  const abHash = await crypto.subtle.digest('SHA-256', bKey.buffer);
  const abKey = Buffer.from(Buffer.from(abHash).toString('hex').slice(0, 32), 'utf8').buffer;
  return crypto.subtle.importKey('raw', abKey, 'AES-CBC', true, ['encrypt', 'decrypt']);
}
Of course they can! I was referring to HIPAA compliance in that case.
Let's say you remove the encryption from the PubNub API. Can you still advertise PubNub as a HIPAA-compliant service?
Let's say you keep it like this. PubNub's partner signs a BAA, but then chooses not to use the encryption PubNub provides for HIPAA compliance, and does something else instead. Are they still HIPAA compliant?
Why you should fix this by removing hex encode:
encrypt function is less secure than AES-256, even if under the hood it's using AES-256.
It's a breaking change, and all the other PubNub client libraries should be changed the same way:
Look, I'm not working for PubNub, nor working for Snyk. I'm not paid to help. I'm just a freelancer who ran into this on a project. I just suggest having this fixed.
Have a nice day